Uh, I found reason of error it was small length field for name in
procedure. Length name that user was 25 chars!
I want to ask, have that code issue for SQL injections now or not?
db.executesql(
"execute procedure esp_web_new_user('{0}','{1}','{2}','{3}','{4}',{5})".
format(
str(form.vars.f),str(form.vars.i),str(form.vars.pser),str(form.vars.pnum),
str(form.vars.num),auth.user_id)#auth.user.last_name,auth.user.first_name
)
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
